When the kpkeys_hardened_pgtables feature is enabled, we need to be able to modify attributes (specifically the pkey/POIndex) in the linear map at page granularity.
Add the appropriate check to can_set_direct_map() on the same principle as rodata_full and other features. kpkeys_hardened_pgtables currently requires the linear map to be fully PTE-mapped, so we also need to ensure that force_pte_mapping() returns true, like for DEBUG_PAGEALLOC. Both functions can be called very early, before POE is actually detected, so the early_enabled() helper is used. Signed-off-by: Kevin Brodsky <[email protected]> --- arch/arm64/mm/mmu.c | 2 +- arch/arm64/mm/pageattr.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 493310cf0486..f79e82c0674a 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -760,7 +760,7 @@ static inline bool force_pte_mapping(void) const bool bbml2 = system_capabilities_finalized() ? system_supports_bbml2_noabort() : cpu_supports_bbml2_noabort(); - if (debug_pagealloc_enabled()) + if (debug_pagealloc_enabled() || kpkeys_hardened_pgtables_early_enabled()) return true; if (bbml2) return false; diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c index ecdfaa9701e1..4405f93f1586 100644 --- a/arch/arm64/mm/pageattr.c +++ b/arch/arm64/mm/pageattr.c @@ -101,7 +101,8 @@ bool can_set_direct_map(void) * Realms need to make pages shared/protected at page granularity. */ return rodata_full || debug_pagealloc_enabled() || - arm64_kfence_can_set_direct_map() || is_realm_world(); + arm64_kfence_can_set_direct_map() || is_realm_world() || + kpkeys_hardened_pgtables_early_enabled(); } static int update_range_prot(unsigned long start, unsigned long size, -- 2.51.2
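Review bot: In force_pte_mapping() (arch/arm64/mm/mmu.c), the new kpkeys_hardened_pgtables_early_enabled() term is tested ahead of `if (bbml2) return false;`, so with the feature enabled the linear map is PTE-mapped even where BBML2 no-abort is supported, and nothing in the code says why. The commit message gives the reason (kpkeys_hardened_pgtables currently requires the linear map to be fully PTE-mapped); a short comment above the condition stating that requirement, and that it is a current limitation, would keep the rationale next to the check.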
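Review bot: In can_set_direct_map() (arch/arm64/mm/pageattr.c), the comment above the return statement explains the existing terms, ending with "Realms need to make pages shared/protected at page granularity.", but the new kpkeys_hardened_pgtables_early_enabled() term is added without a matching sentence. Suggest extending that comment to say that kpkeys_hardened_pgtables needs to change the pkey of linear map pages at page granularity. The commit message also notes that both functions can be called before POE is detected; since the helper's definition is not part of this patch, it would help to state, here or at the helper, whether the early_enabled() result can differ from the state after detection and what the callers should expect in that case.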
